Click here to visit Original posting
CIA Special Agent 767 Screen Locker Removal Guide
- Wed, 14 Dec 2016 12:41:31 EST
- Read 38 times
The CIA Special Agent 767 Screen Locker is a Trojan that displays a screen containing a CIA badge that states that the files on the computer have been encrypted. It then prompts you to send an "early bird" discount of $100 to the listed bitcoin address to get the decryption key. It goes on to further state that the amount will increase after 5 days. This message is fake, though, as the files are not encrypted and this is simply a lock screen trying to trick you into paying a ransom.
Thankfully, the unlock code for this scam could be retrieved from the executable and can be entered into the field to terminate the screen locker. Due to the words used in the code, I do not want to post it on the site. The unlock code for this screen locker is the same as the one in this tweet. This screenlocker can also easily be removed simply by reboot into safe mode and performing a security scan from there.
The text of the screenlocker is:
IMPORTANT! PLEASE READ!
Unfortunately the files on this computer (documents, photos, videos) have
been encrypter using an extremely secure and unbreakable algorithm. This
means that the files are now useless unless they are decrypted using a key.
The good news is that your files are not lost forever! This tool is able
to rescue the files on your computer for you!
BY PURCHASING A LICENSE FROM US, WE ARE ABLE TO RESCUE YOUR FILES 100% GUARANTEED
FOR EVERY LOW EARLY BIRD PRICE OF ONLY $100 USD!* In 5 days however, the price of this service
will increase to $250 USD, and after $500 USD.
Payment is accepted in Bitcoin only. You can purchase Bitcoin very easily in your area by bank transfer,
Western Union, or even cash.
Visit www.localbitcoins.com to find a seller in your area. You can also goolge Bitcoin Exchanges to find
other methods for buying Bitcoin
Please check the current price of Bitcoin and ensure you are sending the correct amount before making your payment! Visit
www.bitcoinaverage.com for the current Bitcoin Price.
After making your payment, please wait up to 24 hours for us to make your key available. Usually done in much less time however.
IMPORTANT: Once the key is available and you click \"Decrypt Files\", please wait and let the decryption process complete before closing
this tool. This Process can take from 15 minutes to 2+ hours depending on how many files need to be decrypted. You will get a
notification thatthe decryption process is complete, at which time you can click \"Exit\". Removing this tool from your computer without first
decrypting your files will cause your files to be lost forever.
Bitcoin Address: 1GmGBH9ra2dqA8CgRg8a8Rngx4qHb2hLDW
*Please note that early bird qualification is determined from the date that this tool was first run as recorded on our servers.
Once the correct pass code is entered, the alert that is shown will contain this text:
JUST DELETE IT
TO REMOVE IT
HAHA YOU HAVE BEEN
FOOLED
How did the CIA Special Agent 767 Screen Locker get on my computer?
It is not currently known how this Trojan is being distributed. It could be distributed using fake software cracks or through free programs you download off of the Internet. As more information becomes available, we will update it here.
As the current unlock code is known and we can use Safe mode with Networking clean the computer, removing this infection is fairly easy. If the code does not work or you are unable to remove it on your own, you can use the removal guide below to remove the CIA Special Agent 767 Screen Locker for free.
[path_to]\receipt69.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowsApplication1 [path_to]\receipt69.exe